OK, I finished all of it. Here is the Spy Sweeper scan log:
********
1:03 PM: | Start of Session, Thursday, November 10, 2005 |
1:03 PM: Spy Sweeper started
1:03 PM: Sweep initiated using definitions version 571
1:03 PM: Starting Memory Sweep
1:07 PM: Memory Sweep Complete, Elapsed Time: 00:03:57
1:07 PM: Starting Registry Sweep
1:08 PM: Registry Sweep Complete, Elapsed Time:00:00:24
1:08 PM: Starting Cookie Sweep
1:08 PM: Found Spy Cookie: yieldmanager cookie
1:08 PM: [email protected][1].txt (ID = 3751)
1:08 PM: Found Spy Cookie: adecn cookie
1:08 PM: user@adecn[2].txt (ID = 2063)
1:08 PM: Found Spy Cookie: hbmediapro cookie
1:08 PM: [email protected][2].txt (ID = 2768)
1:08 PM: Found Spy Cookie: adrevolver cookie
1:08 PM: user@adrevolver[2].txt (ID = 2088)
1:08 PM: user@adrevolver[3].txt (ID = 2088)
1:08 PM: Found Spy Cookie: ads.adsag cookie
1:08 PM: [email protected][1].txt (ID = 2108)
1:08 PM: Found Spy Cookie: adserver cookie
1:08 PM: user@adserver[1].txt (ID = 2141)
1:08 PM: Found Spy Cookie: advertising cookie
1:08 PM: user@advertising[2].txt (ID = 2175)
1:08 PM: Found Spy Cookie: falkag cookie
1:08 PM: [email protected][1].txt (ID = 2650)
1:08 PM: Found Spy Cookie: ask cookie
1:08 PM: user@ask[2].txt (ID = 2245)
1:08 PM: Found Spy Cookie: atlas dmt cookie
1:08 PM: user@atdmt[2].txt (ID = 2253)
1:08 PM: Found Spy Cookie: belnk cookie
1:08 PM: [email protected][1].txt (ID = 2293)
1:08 PM: Found Spy Cookie: atwola cookie
1:08 PM: user@atwola[1].txt (ID = 2255)
1:08 PM: Found Spy Cookie: classmates cookie
1:08 PM: user@classmates[2].txt (ID = 2384)
1:08 PM: Found Spy Cookie: sextracker cookie
1:08 PM: [email protected][1].txt (ID = 3362)
1:08 PM: [email protected][1].txt (ID = 3362)
1:08 PM: [email protected][1].txt (ID = 3362)
1:08 PM: [email protected][2].txt (ID = 2293)
1:08 PM: Found Spy Cookie: trakkerd.net cookie
1:08 PM: [email protected][2].txt (ID = 3586)
1:08 PM: Found Spy Cookie: screensavers.com cookie
1:08 PM: [email protected][2].txt (ID = 3298)
1:08 PM: Found Spy Cookie: 2o7.net cookie
1:08 PM: [email protected][1].txt (ID = 1958)
1:08 PM: Found Spy Cookie: nextag cookie
1:08 PM: user@nextag[2].txt (ID = 5014)
1:08 PM: Found Spy Cookie: paypopup cookie
1:08 PM: user@paypopup[2].txt (ID = 3119)
1:08 PM: [email protected][1].txt (ID = 3120)
1:08 PM: Found Spy Cookie: valuead cookie
1:08 PM: [email protected][1].txt (ID = 3627)
1:08 PM: Found Spy Cookie: pricegrabber cookie
1:08 PM: user@pricegrabber[1].txt (ID = 3185)
1:08 PM: Found Spy Cookie: questionmarket cookie
1:08 PM: user@questionmarket[1].txt (ID = 3217)
1:08 PM: Found Spy Cookie: realmedia cookie
1:08 PM: user@realmedia[2].txt (ID = 3235)
1:08 PM: Found Spy Cookie: reunion cookie
1:08 PM: user@reunion[2].txt (ID = 3255)
1:08 PM: Found Spy Cookie: rn11 cookie
1:08 PM: user@rn11[2].txt (ID = 3261)
1:08 PM: Found Spy Cookie: servedby advertising cookie
1:08 PM: [email protected][1].txt (ID = 3335)
1:08 PM: Found Spy Cookie: reliablestats cookie
1:08 PM: [email protected][2].txt (ID = 3254)
1:08 PM: Found Spy Cookie: stlyrics cookie
1:08 PM: user@stlyrics[1].txt (ID = 3461)
1:08 PM: Found Spy Cookie: tradedoubler cookie
1:08 PM: user@tradedoubler[1].txt (ID = 3575)
1:08 PM: Found Spy Cookie: trafficmp cookie
1:08 PM: user@trafficmp[2].txt (ID = 3581)
1:08 PM: Found Spy Cookie: about cookie
1:08 PM: [email protected][1].txt (ID = 2038)
1:08 PM: [email protected][2].txt (ID = 2246)
1:08 PM: [email protected][1].txt (ID = 3298)
1:08 PM: Found Spy Cookie: xiti cookie
1:08 PM: user@xiti[1].txt (ID = 3717)
1:08 PM: user@yieldmanager[1].txt (ID = 3749)
1:08 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
1:08 PM: Starting File Sweep
1:16 PM: Warning: Invalid Stream
1:16 PM: File Sweep Complete, Elapsed Time: 00:08:34
1:16 PM: Full Sweep has completed. Elapsed time 00:13:07
1:16 PM: Traces Found: 40
1:19 PM: Removal process initiated
1:20 PM: Quarantining All Traces: 2o7.net cookie
1:20 PM: Quarantining All Traces: about cookie
1:20 PM: Quarantining All Traces: adecn cookie
1:20 PM: Quarantining All Traces: adrevolver cookie
1:20 PM: Quarantining All Traces: ads.adsag cookie
1:20 PM: Quarantining All Traces: adserver cookie
1:20 PM: Quarantining All Traces: advertising cookie
1:20 PM: Quarantining All Traces: ask cookie
1:20 PM: Quarantining All Traces: atlas dmt cookie
1:20 PM: Quarantining All Traces: atwola cookie
1:20 PM: Quarantining All Traces: belnk cookie
1:20 PM: Quarantining All Traces: classmates cookie
1:20 PM: Quarantining All Traces: falkag cookie
1:20 PM: Quarantining All Traces: hbmediapro cookie
1:20 PM: Quarantining All Traces: nextag cookie
1:20 PM: Quarantining All Traces: paypopup cookie
1:20 PM: Quarantining All Traces: pricegrabber cookie
1:20 PM: Quarantining All Traces: questionmarket cookie
1:20 PM: Quarantining All Traces: realmedia cookie
1:20 PM: Quarantining All Traces: reliablestats cookie
1:20 PM: Quarantining All Traces: reunion cookie
1:20 PM: Quarantining All Traces: rn11 cookie
1:20 PM: Quarantining All Traces: screensavers.com cookie
1:20 PM: Quarantining All Traces: servedby advertising cookie
1:20 PM: Quarantining All Traces: sextracker cookie
1:20 PM: Quarantining All Traces: stlyrics cookie
1:20 PM: Quarantining All Traces: tradedoubler cookie
1:20 PM: Quarantining All Traces: trafficmp cookie
1:20 PM: Quarantining All Traces: trakkerd.net cookie
1:20 PM: Quarantining All Traces: valuead cookie
1:20 PM: Quarantining All Traces: xiti cookie
1:20 PM: Quarantining All Traces: yieldmanager cookie
1:20 PM: Removal process completed. Elapsed time 00:00:08
********
1:01 PM: | Start of Session, Thursday, November 10, 2005 |
1:01 PM: Spy Sweeper started
1:01 PM: Your spyware definitions have been updated.
1:03 PM: | End of Session, Thursday, November 10, 2005 |
And here is the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 1:23:10 PM, on 11/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\User\Desktop\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/private/home.aspx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishga...mjolauncher.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe